Export limit exceeded: 12701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1904 1 Cicoandcico 1 Ccmail 2026-04-23 N/A
Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie.
CVE-2008-2879 1 Benjacms 1 Benja Cms 2026-04-23 N/A
Benja CMS 0.1 does not require authentication for access to admin/, which allows remote attackers to add or delete a menu.
CVE-2007-4364 1 Fedoraproject 1 Commons 2026-04-23 N/A
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector.
CVE-2008-3891 1 Google 1 Google Apps 2026-04-23 N/A
The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.
CVE-2009-3585 1 Bestpractical 1 Rt 2026-04-23 N/A
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain.
CVE-2009-1535 1 Microsoft 3 Internet Information Services, Windows Server 2003, Windows Xp 2026-04-23 N/A
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
CVE-2008-5042 1 Zeeways 1 Photovideotube 2026-04-23 N/A
Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.
CVE-2009-1489 1 Rens Rikkerink 1 Fungamez 2026-04-23 N/A
includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter.
CVE-2009-0051 1 Zxid 1 Zxid 2026-04-23 N/A
ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
CVE-2008-5219 1 Videoscript 1 Videoscript 2026-04-23 N/A
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.
CVE-2009-1670 1 Tcpdb 1 Tcpdb 2026-04-23 N/A
user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2009-0891 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks.
CVE-2008-0391 1 Alilg 1 Alitalk 2026-04-23 N/A
inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.
CVE-2009-0864 1 Matteoiammarrone 1 S-cms 2026-04-23 N/A
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
CVE-2008-6300 1 Gwm 1 Galatolo Webmanager 2026-04-23 N/A
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0614 1 Cisco 1 Unified Meetingplace Web Conferencing 2026-04-23 N/A
Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.
CVE-2009-0591 1 Openssl 1 Openssl 2026-04-23 N/A
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
CVE-2007-5714 1 Gentoo 1 Mldonkey Ebuild 2026-04-23 N/A
The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code.
CVE-2008-3322 1 Maian 1 Recipe 2026-04-23 N/A
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
CVE-2009-0440 1 Ibm 1 Websphere Partner Gateway 2026-04-23 N/A
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."